Louis Vuitton Says Regional Data Breaches Tied to Same Cyberattack
Last week, luxury fashion giant Louis Vuitton notified customers that their personal data was exposed in a data breach, starting with South Korea. Since then, the retailer has expanded its notification list to include Turkey and now the United Kingdom, leaving many wondering if these breaches are connected.
According to Louis Vuitton's data breach notifications sent to customers, the incident occurred on July 2, 2025, when certain personal data of some clients was exfiltrated due to unauthorized access to their system. The company assured customers that its cybersecurity teams have taken immediate action to contain the incident, including blocking the unauthorized access.
In a statement to BleepingComputer, Louis Vuitton confirmed that no payment information was compromised from the database accessed during the incident. However, the company is working with cybersecurity experts to investigate the incident and has begun notifying relevant regulators.
Interestingly, the breach notifications in the different regions appear to be linked to the same security incident, according to Louis Vuitton's statement. When asked if this applies to all notifications sent to clients, the company confirmed that it does.
A Pattern Emerges: ShinyHunters Extortion Group Involved
Similar breaches have been disclosed by Tiffany & Co. in April and House of Dior in May, affecting customers in South Korea. Sources suggest that these LVMH breaches are linked to an attack by the ShinyHunters extortion group, which gained access and stole data from a third-party vendor's database.
ShinyHunters is a prolific threat actor tied to numerous data theft campaigns, including those against Salesforce and PowerSchool, as well as the SnowFlake attacks, which impacted Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, and Cylance. Last month, French police arrested five operators of the BreachForum cybercrime forum, which included ShinyHunters members, who had helped re-launch the hacking forum.
However, it is believed that other members of the group are still at large, so other attacks may appear under the alias in the future. BleepingComputer contacted Louis Vuitton to ask if ShinyHunters was behind its breach but did not receive a response at this time.
Next Steps and Lessons Learned
As the fashion industry continues to navigate the challenges of data breaches, it is essential to take proactive measures to protect customer information. Cloud Detection & Response for Dummies offers practical guidance on how to contain emerging threats in real time before they impact your business.
In other news, Co-op confirms that the data of 6.5 million members was stolen in a cyberattack, while Qantas discloses a cyberattack amid Scattered Spider aviation breaches. Johnson Controls starts notifying people affected by a 2023 breach, and Victoria’s Secret restores critical systems after a cyberattack.
Lastly, the Texas Dept. of Transportation has been breached, with 300,000 crash records stolen. These recent incidents highlight the importance of cybersecurity awareness and the need for organizations to prioritize data protection.